Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
zkt-conf(8)							   zkt-conf(8)

NAME
       zkt-conf	-- Secure DNS zone key config tool

SYNOPSYS
       zkt-conf	[-V name] [-w] -d [-O optstr]
       zkt-conf	[-V name] [-w] [-s] [-c	file] [-O optstr]
       zkt-conf	[-V name] [-w] -l [-a] [-c file] [-O optstr]

       zkt-conf	[-c file] [-w] zonefile

DESCRIPTION
       The  zkt-conf command helps to create and show a	config file for	use by
       the Zone	Key Tool  commands,  which  are	 currently  zkt-ls(8)  ,  zkt-
       keyman(8) , and zkt-signer(8).

       In  general, the	ZKT commands uses up to	three consequitive sources for
       config parameter	settings:

	      a) The build-in default parameters

	      b) The side wide config file or the file specified  with	option
	      -c    overloads	 the	built-in    vars.     The    file   is
	      /etc/namedb/dnssec.conf  or  the	one  set  by  the  environment
	      variable ZKT_CONFFILE.

	      c)  The  local  config  file  dnssec.conf	 in  the  current zone
	      directory	also overloads the parameter read so far.

       Because of the overload feature,	none of	the config files has to	have a
       complete	parameter set.	Typically the local config file	will have only
       those parameters	which are different from the global or built-in	ones.

       The default operation of	zkt-conf(8) is to print	the site  wide	config
       file  (same  as	option	-s).   Option  -d  will	print out the built-in
       defaults	while -l print those local parameters which are	 different  to
       the global ones.	 In the	last case -a gives the fully (--all) parameter
       list.

       In all forms of the command, the	parameters are changeable  via	option
       -O (--config-option).

       With  option  -w	(--write) the confg parameters are written back	to the
       config file.  This is useful in case of an ZKT upgrade  or  if  one  or
       more parameters are changed by option -O.

       Option -t checks	some of	the parameter for reasonable values.

       Which config file is shown (or modified or checked) is determined by an
       option.	-d means the built-in defaults,	option -l  is  for  the	 local
       config  file  and -s specifies the site wide config file.  Option -s is
       the default.

       In the last form	of the command,	the  maximum  TTL  value  of  all  the
       resource	 records  of  zonefile	is  calculated	and  print  on stdout.
       Additional, the zonefile	is checked if the key database (dnskey.db)  is
       included	 in  the  zone	file.	If  option -w is set, than the INCLUDE
       directive will be added to the zone file	if necessary, and the  maximum
       ttl value is written to a local config file.

COMMAND	OPTIONS
       -h, --help
	      Print out	the online help.

       -d, --built-in-defaults
	      List all the built-in default parameter.

       -s, --sitecfg
	      List all site wide config	parameter (this	is the default).

       -l, --localcfg
	      List local config	parameter which	are different to the site wide
	      config parameter.	 With otion -a (--all) all  config  parameters
	      will be shown.

OPTIONS
       -V view,	--view=view
	      Try  to  read  the  default  configuration  out  of a file named
	      dnssec-_view_.conf .  Instead of specifying  the	-V  or	--view
	      option  every  time,  it	is  also  possible to create a hard or
	      softlink to the executable file and name it like zkt-conf-_view_
	      .

       -c file,	--config=file
	      Read  all	 parameter  from the specified config file.  Otherwise
	      the default config file is read or build	in  defaults  will  be
	      used.

       -O optstr, --config-option=optstr
	      Set  any	config	file  parameter	 via the commandline.  Several
	      config file options could	be specified at	 the  argument	string
	      but have to be delimited by semicolon (or	newline).

       -a, --all
	      In  case	of  showing  the local config file parameter (-l) this
	      prints all parameter, not	just the ones different	 to  the  site
	      wide or built-in defaults.

SAMPLE USAGE
       zkt-conf	-d
	      Print the	built-in default config	pars.

       zkt-conf	-d -w
	      Write all	the built-in defaults into the site wide config	file.

       zkt-conf	 -s -O "SerialFormat: Incremental; Zonedir: /etc/namedb/zones"
       -w
	      Change two parameters in the site	wide dnssec.conf file.

       zkt-conf	-w zone.db
	      Add $INCLUDE dnskey.db to	the zone file and set the maximum  ttl
	      paramter in the local config file	to the maximum ttl fond	in any
	      RR of zone.db.

ENVIRONMENT VARIABLES
       ZKT_CONFFILE
	      Specifies	the name of the	default	global configuration files.

FILES
       /etc/namedb/dnssec.conf
	      Default global configuration file.   The	name  of  the  default
	      global  config  file  is	settable  via the environment variable
	      ZKT_CONFFILE.

       /etc/namedb/dnssec-_view_.conf
	      View specific global configuration file.

       ./dnssec.conf
	      Local configuration file (additionally used in -l	mode).

AUTHORS
       Holger Zuleger

COPYRIGHT
       Copyright (c) 2005 - 2010 by Holger Zuleger.  Licensed  under  the  BSD
       Licences. There is NO warranty; not even	for MERCHANTABILITY or FITNESS
       FOR A PARTICULAR	PURPOSE.

SEE ALSO
       dnssec-keygen(8),  dnssec-signzone(8),  rndc(8),	 named.conf(5),	  zkt-
       signer(8), zkt-ls(8), zkt-keyman(8),
       RFC4641 "DNSSEC Operational Practices" by Miek Gieben and Olaf Kolkman,
       DNSSEC HOWTO Tutorial by	Olaf Kolkman, RIPE NCC
       (http://www.nlnetlabs.nl/dnssec_howto/)

ZKT 1.0			       February	22, 2010		   zkt-conf(8)

NAME | SYNOPSYS | DESCRIPTION | COMMAND OPTIONS | OPTIONS | SAMPLE USAGE | ENVIRONMENT VARIABLES | FILES | AUTHORS | COPYRIGHT | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=zkt-conf&sektion=8&manpath=FreeBSD+12.2-RELEASE+and+Ports>

home | help